Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112)
Essential information
- Published
- 10/07/2024 09:24
- Modified
- 10/07/2024 09:29
- Tags
- 2024-07-10 CVE-2021-40444 CVE-2023-36025 CVE-2024-38112 exploitation internet explorer malicious files social engineering windows zero-day
- Related entities
- 3 vulnerabilities (cve), 7 observables, 7 techniques (mitre)
Description
Check Point Research discovered threat actors leveraging novel techniques to execute malicious code on Windows systems by exploiting Internet Explorer's vulnerabilities. The attackers utilized specially crafted .url files that, when opened, would launch IE and visit attacker-controlled URLs. Additionally, they employed a trick to hide the .hta extension, tricking victims into executing malicious code disguised as a PDF file. This campaign has been active since January 2023, targeting various industries and utilizing multiple MITRE ATT&CK techniques.